Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/grumpydictator/firefly-iii@4.7.5.2
Typecomposer
Namespacegrumpydictator
Namefirefly-iii
Version4.7.5.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.1.17
Latest_non_vulnerable_version6.5.1
Affected_by_vulnerabilities
0
url VCID-1bnk-b65m-tqg6
vulnerability_id VCID-1bnk-b65m-tqg6
summary firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3819
reference_id
reference_type
scores
0
value 0.00141
scoring_system epss
scoring_elements 0.3398
published_at 2026-06-08T12:55:00Z
1
value 0.00141
scoring_system epss
scoring_elements 0.33929
published_at 2026-06-04T12:55:00Z
2
value 0.00141
scoring_system epss
scoring_elements 0.34031
published_at 2026-06-05T12:55:00Z
3
value 0.00141
scoring_system epss
scoring_elements 0.34045
published_at 2026-06-06T12:55:00Z
4
value 0.00141
scoring_system epss
scoring_elements 0.34013
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3819
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/578f350498b75f31d321c78a608c7f7b3b7b07e9
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/578f350498b75f31d321c78a608c7f7b3b7b07e9
3
reference_url https://huntr.dev/bounties/da82f7b6-4ffc-4109-87a4-a2a790bd44e5
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/da82f7b6-4ffc-4109-87a4-a2a790bd44e5
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3819
reference_id CVE-2021-3819
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-3819
5
reference_url https://github.com/advisories/GHSA-356r-77q8-f64f
reference_id GHSA-356r-77q8-f64f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-356r-77q8-f64f
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.1
purl pkg:composer/grumpydictator/firefly-iii@5.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xs8-eknt-gyap
1
vulnerability VCID-4hdz-bgf3-hqbz
2
vulnerability VCID-5as2-q475-7fgv
3
vulnerability VCID-6ydw-rfb3-hbe3
4
vulnerability VCID-f1nj-u7yz-zycr
5
vulnerability VCID-hbpp-jqk1-cubw
6
vulnerability VCID-jfps-wzcx-vyfj
7
vulnerability VCID-pvmv-dy5p-pkbn
8
vulnerability VCID-t96s-982j-d3fr
9
vulnerability VCID-u76r-dx9g-5fcv
10
vulnerability VCID-vkg3-xm11-3qdh
11
vulnerability VCID-wh6m-3mp3-gbfb
12
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.1
aliases CVE-2021-3819, GHSA-356r-77q8-f64f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1bnk-b65m-tqg6
1
url VCID-2xs8-eknt-gyap
vulnerability_id VCID-2xs8-eknt-gyap
summary Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1789
reference_id
reference_type
scores
0
value 0.00189
scoring_system epss
scoring_elements 0.4054
published_at 2026-06-08T12:55:00Z
1
value 0.00189
scoring_system epss
scoring_elements 0.40513
published_at 2026-06-04T12:55:00Z
2
value 0.00189
scoring_system epss
scoring_elements 0.40593
published_at 2026-06-05T12:55:00Z
3
value 0.00189
scoring_system epss
scoring_elements 0.40597
published_at 2026-06-06T12:55:00Z
4
value 0.00189
scoring_system epss
scoring_elements 0.40569
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1789
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:44:17Z/
url https://github.com/firefly-iii/firefly-iii/commit/6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5
3
reference_url https://github.com/firefly-iii/firefly-iii/pull/7043
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/pull/7043
4
reference_url https://huntr.dev/bounties/2c3489f7-6b84-48f8-9368-9cea67cf373d
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T16:44:17Z/
url https://huntr.dev/bounties/2c3489f7-6b84-48f8-9368-9cea67cf373d
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1789
reference_id CVE-2023-1789
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1789
6
reference_url https://github.com/advisories/GHSA-mwxw-hxvp-4r2r
reference_id GHSA-mwxw-hxvp-4r2r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwxw-hxvp-4r2r
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.7.18
purl pkg:composer/grumpydictator/firefly-iii@5.7.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5as2-q475-7fgv
1
vulnerability VCID-6ydw-rfb3-hbe3
2
vulnerability VCID-jfps-wzcx-vyfj
3
vulnerability VCID-t96s-982j-d3fr
4
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.7.18
1
url pkg:composer/grumpydictator/firefly-iii@6.0.0
purl pkg:composer/grumpydictator/firefly-iii@6.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xs8-eknt-gyap
1
vulnerability VCID-5as2-q475-7fgv
2
vulnerability VCID-jfps-wzcx-vyfj
3
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.0.0
2
url pkg:composer/grumpydictator/firefly-iii@6.0.1
purl pkg:composer/grumpydictator/firefly-iii@6.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5as2-q475-7fgv
1
vulnerability VCID-jfps-wzcx-vyfj
2
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.0.1
aliases CVE-2023-1789, GHSA-mwxw-hxvp-4r2r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xs8-eknt-gyap
2
url VCID-4hdz-bgf3-hqbz
vulnerability_id VCID-4hdz-bgf3-hqbz
summary firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3901
reference_id
reference_type
scores
0
value 0.0008
scoring_system epss
scoring_elements 0.23717
published_at 2026-06-07T12:55:00Z
1
value 0.0008
scoring_system epss
scoring_elements 0.23663
published_at 2026-06-08T12:55:00Z
2
value 0.0008
scoring_system epss
scoring_elements 0.23764
published_at 2026-06-06T12:55:00Z
3
value 0.0008
scoring_system epss
scoring_elements 0.23779
published_at 2026-06-05T12:55:00Z
4
value 0.0008
scoring_system epss
scoring_elements 0.23683
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3901
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/b42d8d1e305cad70d9b83b33cd8e0d7a4b2060c2
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/b42d8d1e305cad70d9b83b33cd8e0d7a4b2060c2
3
reference_url https://huntr.dev/bounties/62508fdc-c26b-4312-bf75-fd3a3f997464
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/62508fdc-c26b-4312-bf75-fd3a3f997464
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3901
reference_id CVE-2021-3901
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3901
5
reference_url https://github.com/advisories/GHSA-rqgp-ccph-5w65
reference_id GHSA-rqgp-ccph-5w65
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rqgp-ccph-5w65
fixed_packages
aliases CVE-2021-3901, GHSA-rqgp-ccph-5w65
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4hdz-bgf3-hqbz
3
url VCID-5as2-q475-7fgv
vulnerability_id VCID-5as2-q475-7fgv
summary 
Firefly III allows webhooks HTML Injection.
Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22075
reference_id
reference_type
scores
0
value 0.00128
scoring_system epss
scoring_elements 0.31746
published_at 2026-06-07T12:55:00Z
1
value 0.00128
scoring_system epss
scoring_elements 0.31713
published_at 2026-06-08T12:55:00Z
2
value 0.00128
scoring_system epss
scoring_elements 0.31815
published_at 2026-06-05T12:55:00Z
3
value 0.00128
scoring_system epss
scoring_elements 0.31784
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22075
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/28021aa711500bbada649de8fab9e72b4084ab21
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/28021aa711500bbada649de8fab9e72b4084ab21
3
reference_url https://github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-17T16:31:14Z/
url https://github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1
4
reference_url https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22075
reference_id CVE-2024-22075
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22075
6
reference_url https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire/
reference_id front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-17T16:31:14Z/
url https://www.sonarsource.com/blog/front-end-frameworks-when-bypassing-built-in-sanitization-might-backfire/
7
reference_url https://github.com/advisories/GHSA-vwv2-9wcj-64vx
reference_id GHSA-vwv2-9wcj-64vx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vwv2-9wcj-64vx
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@6.1.1
purl pkg:composer/grumpydictator/firefly-iii@6.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jfps-wzcx-vyfj
1
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.1.1
aliases CVE-2024-22075, GHSA-vwv2-9wcj-64vx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5as2-q475-7fgv
4
url VCID-6ydw-rfb3-hbe3
vulnerability_id VCID-6ydw-rfb3-hbe3
summary Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1788
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45462
published_at 2026-06-05T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.4542
published_at 2026-06-08T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.45445
published_at 2026-06-07T12:55:00Z
3
value 0.00226
scoring_system epss
scoring_elements 0.45393
published_at 2026-06-04T12:55:00Z
4
value 0.00226
scoring_system epss
scoring_elements 0.45465
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1788
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/68f398f97cbe1870fc098d8460bf903b9c3fab30
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:41:29Z/
url https://github.com/firefly-iii/firefly-iii/commit/68f398f97cbe1870fc098d8460bf903b9c3fab30
3
reference_url https://huntr.dev/bounties/79323c9e-e0e5-48ef-bd19-d0b09587ccb2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:41:29Z/
url https://huntr.dev/bounties/79323c9e-e0e5-48ef-bd19-d0b09587ccb2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1788
reference_id CVE-2023-1788
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1788
5
reference_url https://github.com/advisories/GHSA-h7vv-46p5-prmh
reference_id GHSA-h7vv-46p5-prmh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h7vv-46p5-prmh
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@6.0.0
purl pkg:composer/grumpydictator/firefly-iii@6.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xs8-eknt-gyap
1
vulnerability VCID-5as2-q475-7fgv
2
vulnerability VCID-jfps-wzcx-vyfj
3
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.0.0
aliases CVE-2023-1788, GHSA-h7vv-46p5-prmh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ydw-rfb3-hbe3
5
url VCID-7j5p-xwqv-k3cf
vulnerability_id VCID-7j5p-xwqv-k3cf
summary 
Cross-site Scripting
Firefly III is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during `attachments/edit/$file_id$` attachment editing.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13645
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.51819
published_at 2026-06-06T12:55:00Z
1
value 0.00281
scoring_system epss
scoring_elements 0.51809
published_at 2026-06-05T12:55:00Z
2
value 0.00281
scoring_system epss
scoring_elements 0.51766
published_at 2026-06-08T12:55:00Z
3
value 0.00281
scoring_system epss
scoring_elements 0.5175
published_at 2026-06-04T12:55:00Z
4
value 0.00281
scoring_system epss
scoring_elements 0.51797
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13645
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/17a66b3056096244a2198a7351847d26cb7b37c5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/17a66b3056096244a2198a7351847d26cb7b37c5
3
reference_url https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa
4
reference_url https://github.com/firefly-iii/firefly-iii/issues/2337
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/issues/2337
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-13645
reference_id CVE-2019-13645
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-13645
6
reference_url https://github.com/advisories/GHSA-5hpw-vcj2-prwg
reference_id GHSA-5hpw-vcj2-prwg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5hpw-vcj2-prwg
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3
purl pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v5yd-vwys-f7hv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17%252B3
1
url pkg:composer/grumpydictator/firefly-iii@4.7.17.3
purl pkg:composer/grumpydictator/firefly-iii@4.7.17.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bnk-b65m-tqg6
1
vulnerability VCID-2xs8-eknt-gyap
2
vulnerability VCID-4hdz-bgf3-hqbz
3
vulnerability VCID-5as2-q475-7fgv
4
vulnerability VCID-6ydw-rfb3-hbe3
5
vulnerability VCID-951v-qu7n-4ybp
6
vulnerability VCID-ag6y-f8nh-5kej
7
vulnerability VCID-cbss-79ng-p7an
8
vulnerability VCID-cpwr-nyyb-afdf
9
vulnerability VCID-f1nj-u7yz-zycr
10
vulnerability VCID-hbpp-jqk1-cubw
11
vulnerability VCID-jfps-wzcx-vyfj
12
vulnerability VCID-pvmv-dy5p-pkbn
13
vulnerability VCID-q2aw-rbww-nqc7
14
vulnerability VCID-t96s-982j-d3fr
15
vulnerability VCID-u76r-dx9g-5fcv
16
vulnerability VCID-v5yd-vwys-f7hv
17
vulnerability VCID-vkg3-xm11-3qdh
18
vulnerability VCID-wh6m-3mp3-gbfb
19
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17.3
aliases CVE-2019-13645, GHSA-5hpw-vcj2-prwg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7j5p-xwqv-k3cf
6
url VCID-951v-qu7n-4ybp
vulnerability_id VCID-951v-qu7n-4ybp
summary firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3729
reference_id
reference_type
scores
0
value 0.00117
scoring_system epss
scoring_elements 0.30089
published_at 2026-06-07T12:55:00Z
1
value 0.00117
scoring_system epss
scoring_elements 0.30121
published_at 2026-06-06T12:55:00Z
2
value 0.00117
scoring_system epss
scoring_elements 0.30157
published_at 2026-06-05T12:55:00Z
3
value 0.00117
scoring_system epss
scoring_elements 0.3006
published_at 2026-06-08T12:55:00Z
4
value 0.00117
scoring_system epss
scoring_elements 0.30084
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3729
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/06d319cd71b7787aa919b3ba1ccf51e4ade67712
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/06d319cd71b7787aa919b3ba1ccf51e4ade67712
3
reference_url https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3729
reference_id CVE-2021-3729
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3729
5
reference_url https://github.com/advisories/GHSA-gp6w-ccqv-p7qr
reference_id GHSA-gp6w-ccqv-p7qr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gp6w-ccqv-p7qr
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.0
purl pkg:composer/grumpydictator/firefly-iii@5.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bnk-b65m-tqg6
1
vulnerability VCID-2xs8-eknt-gyap
2
vulnerability VCID-4hdz-bgf3-hqbz
3
vulnerability VCID-5as2-q475-7fgv
4
vulnerability VCID-6ydw-rfb3-hbe3
5
vulnerability VCID-f1nj-u7yz-zycr
6
vulnerability VCID-hbpp-jqk1-cubw
7
vulnerability VCID-jfps-wzcx-vyfj
8
vulnerability VCID-pvmv-dy5p-pkbn
9
vulnerability VCID-t96s-982j-d3fr
10
vulnerability VCID-u76r-dx9g-5fcv
11
vulnerability VCID-vkg3-xm11-3qdh
12
vulnerability VCID-wh6m-3mp3-gbfb
13
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0
aliases CVE-2021-3729, GHSA-gp6w-ccqv-p7qr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-951v-qu7n-4ybp
7
url VCID-ag6y-f8nh-5kej
vulnerability_id VCID-ag6y-f8nh-5kej
summary firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3730
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29241
published_at 2026-06-05T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.29139
published_at 2026-06-08T12:55:00Z
2
value 0.00111
scoring_system epss
scoring_elements 0.29172
published_at 2026-06-07T12:55:00Z
3
value 0.00111
scoring_system epss
scoring_elements 0.2917
published_at 2026-06-04T12:55:00Z
4
value 0.00111
scoring_system epss
scoring_elements 0.29208
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3730
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/f80178b1b2b7864d17500a131d570c353c9a26f6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/f80178b1b2b7864d17500a131d570c353c9a26f6
3
reference_url https://huntr.dev/bounties/ea181323-51f8-46a2-a60f-6a401907feb7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/ea181323-51f8-46a2-a60f-6a401907feb7
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3730
reference_id CVE-2021-3730
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3730
5
reference_url https://github.com/advisories/GHSA-c676-mcw3-qg55
reference_id GHSA-c676-mcw3-qg55
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c676-mcw3-qg55
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.0
purl pkg:composer/grumpydictator/firefly-iii@5.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bnk-b65m-tqg6
1
vulnerability VCID-2xs8-eknt-gyap
2
vulnerability VCID-4hdz-bgf3-hqbz
3
vulnerability VCID-5as2-q475-7fgv
4
vulnerability VCID-6ydw-rfb3-hbe3
5
vulnerability VCID-f1nj-u7yz-zycr
6
vulnerability VCID-hbpp-jqk1-cubw
7
vulnerability VCID-jfps-wzcx-vyfj
8
vulnerability VCID-pvmv-dy5p-pkbn
9
vulnerability VCID-t96s-982j-d3fr
10
vulnerability VCID-u76r-dx9g-5fcv
11
vulnerability VCID-vkg3-xm11-3qdh
12
vulnerability VCID-wh6m-3mp3-gbfb
13
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0
aliases CVE-2021-3730, GHSA-c676-mcw3-qg55
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ag6y-f8nh-5kej
8
url VCID-b23p-cn7c-k7av
vulnerability_id VCID-b23p-cn7c-k7av
summary 
Cross-site Scripting
Firefly III is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during `attachments/view/$file_id$` attachment viewing.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13647
reference_id
reference_type
scores
0
value 0.00206
scoring_system epss
scoring_elements 0.42833
published_at 2026-06-07T12:55:00Z
1
value 0.00206
scoring_system epss
scoring_elements 0.42796
published_at 2026-06-08T12:55:00Z
2
value 0.00206
scoring_system epss
scoring_elements 0.42856
published_at 2026-06-06T12:55:00Z
3
value 0.00206
scoring_system epss
scoring_elements 0.42845
published_at 2026-06-05T12:55:00Z
4
value 0.00206
scoring_system epss
scoring_elements 0.42771
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13647
1
reference_url https://github.com/firefly-iii/firefly-iii/commit/531161db0902154fed433bb33bdb2cabd61ae6dc
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/531161db0902154fed433bb33bdb2cabd61ae6dc
2
reference_url https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa
3
reference_url https://github.com/firefly-iii/firefly-iii/issues/2338
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/issues/2338
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-13647
reference_id CVE-2019-13647
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-13647
5
reference_url https://github.com/advisories/GHSA-pcxq-28f6-m3fm
reference_id GHSA-pcxq-28f6-m3fm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pcxq-28f6-m3fm
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3
purl pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v5yd-vwys-f7hv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17%252B3
1
url pkg:composer/grumpydictator/firefly-iii@4.7.17.3
purl pkg:composer/grumpydictator/firefly-iii@4.7.17.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bnk-b65m-tqg6
1
vulnerability VCID-2xs8-eknt-gyap
2
vulnerability VCID-4hdz-bgf3-hqbz
3
vulnerability VCID-5as2-q475-7fgv
4
vulnerability VCID-6ydw-rfb3-hbe3
5
vulnerability VCID-951v-qu7n-4ybp
6
vulnerability VCID-ag6y-f8nh-5kej
7
vulnerability VCID-cbss-79ng-p7an
8
vulnerability VCID-cpwr-nyyb-afdf
9
vulnerability VCID-f1nj-u7yz-zycr
10
vulnerability VCID-hbpp-jqk1-cubw
11
vulnerability VCID-jfps-wzcx-vyfj
12
vulnerability VCID-pvmv-dy5p-pkbn
13
vulnerability VCID-q2aw-rbww-nqc7
14
vulnerability VCID-t96s-982j-d3fr
15
vulnerability VCID-u76r-dx9g-5fcv
16
vulnerability VCID-v5yd-vwys-f7hv
17
vulnerability VCID-vkg3-xm11-3qdh
18
vulnerability VCID-wh6m-3mp3-gbfb
19
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17.3
aliases CVE-2019-13647, GHSA-pcxq-28f6-m3fm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b23p-cn7c-k7av
9
url VCID-cbss-79ng-p7an
vulnerability_id VCID-cbss-79ng-p7an
summary firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3663
reference_id
reference_type
scores
0
value 0.0016
scoring_system epss
scoring_elements 0.36681
published_at 2026-06-05T12:55:00Z
1
value 0.0016
scoring_system epss
scoring_elements 0.36616
published_at 2026-06-08T12:55:00Z
2
value 0.0016
scoring_system epss
scoring_elements 0.36653
published_at 2026-06-07T12:55:00Z
3
value 0.0016
scoring_system epss
scoring_elements 0.36587
published_at 2026-06-04T12:55:00Z
4
value 0.0016
scoring_system epss
scoring_elements 0.36689
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3663
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/afc9f4b7ebc8a240c85864a6e1abda62bfeefae8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/afc9f4b7ebc8a240c85864a6e1abda62bfeefae8
3
reference_url https://github.com/firefly-iii/firefly-iii/releases/tag/5.5.13
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/releases/tag/5.5.13
4
reference_url https://huntr.dev/bounties/497bdf6d-7dba-49c3-8011-1c64dfbb3380
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/497bdf6d-7dba-49c3-8011-1c64dfbb3380
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3663
reference_id CVE-2021-3663
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3663
6
reference_url https://github.com/advisories/GHSA-56cx-wf47-hx7w
reference_id GHSA-56cx-wf47-hx7w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-56cx-wf47-hx7w
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.5.13
purl pkg:composer/grumpydictator/firefly-iii@5.5.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bnk-b65m-tqg6
1
vulnerability VCID-2xs8-eknt-gyap
2
vulnerability VCID-4hdz-bgf3-hqbz
3
vulnerability VCID-5as2-q475-7fgv
4
vulnerability VCID-6ydw-rfb3-hbe3
5
vulnerability VCID-951v-qu7n-4ybp
6
vulnerability VCID-ag6y-f8nh-5kej
7
vulnerability VCID-cpwr-nyyb-afdf
8
vulnerability VCID-f1nj-u7yz-zycr
9
vulnerability VCID-hbpp-jqk1-cubw
10
vulnerability VCID-jfps-wzcx-vyfj
11
vulnerability VCID-pvmv-dy5p-pkbn
12
vulnerability VCID-t96s-982j-d3fr
13
vulnerability VCID-u76r-dx9g-5fcv
14
vulnerability VCID-vkg3-xm11-3qdh
15
vulnerability VCID-wh6m-3mp3-gbfb
16
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.5.13
1
url pkg:composer/grumpydictator/firefly-iii@5.6.0-alpha.1
purl pkg:composer/grumpydictator/firefly-iii@5.6.0-alpha.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bnk-b65m-tqg6
1
vulnerability VCID-2xs8-eknt-gyap
2
vulnerability VCID-4hdz-bgf3-hqbz
3
vulnerability VCID-5as2-q475-7fgv
4
vulnerability VCID-6ydw-rfb3-hbe3
5
vulnerability VCID-951v-qu7n-4ybp
6
vulnerability VCID-ag6y-f8nh-5kej
7
vulnerability VCID-cpwr-nyyb-afdf
8
vulnerability VCID-f1nj-u7yz-zycr
9
vulnerability VCID-hbpp-jqk1-cubw
10
vulnerability VCID-jfps-wzcx-vyfj
11
vulnerability VCID-pvmv-dy5p-pkbn
12
vulnerability VCID-t96s-982j-d3fr
13
vulnerability VCID-u76r-dx9g-5fcv
14
vulnerability VCID-vkg3-xm11-3qdh
15
vulnerability VCID-wh6m-3mp3-gbfb
16
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0-alpha.1
aliases CVE-2021-3663, GHSA-56cx-wf47-hx7w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbss-79ng-p7an
10
url VCID-cpwr-nyyb-afdf
vulnerability_id VCID-cpwr-nyyb-afdf
summary firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3728
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29172
published_at 2026-06-07T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.29208
published_at 2026-06-06T12:55:00Z
2
value 0.00111
scoring_system epss
scoring_elements 0.29241
published_at 2026-06-05T12:55:00Z
3
value 0.00111
scoring_system epss
scoring_elements 0.29139
published_at 2026-06-08T12:55:00Z
4
value 0.00111
scoring_system epss
scoring_elements 0.2917
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3728
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/14cdce113e0eb8090d09066fcd2b5cf03b5ac84e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/14cdce113e0eb8090d09066fcd2b5cf03b5ac84e
3
reference_url https://huntr.dev/bounties/dd54c5a1-0d4a-4f02-a111-7ce4ddc67a4d
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/dd54c5a1-0d4a-4f02-a111-7ce4ddc67a4d
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3728
reference_id CVE-2021-3728
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3728
5
reference_url https://github.com/advisories/GHSA-xp5q-77mh-6hm2
reference_id GHSA-xp5q-77mh-6hm2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xp5q-77mh-6hm2
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.0
purl pkg:composer/grumpydictator/firefly-iii@5.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bnk-b65m-tqg6
1
vulnerability VCID-2xs8-eknt-gyap
2
vulnerability VCID-4hdz-bgf3-hqbz
3
vulnerability VCID-5as2-q475-7fgv
4
vulnerability VCID-6ydw-rfb3-hbe3
5
vulnerability VCID-f1nj-u7yz-zycr
6
vulnerability VCID-hbpp-jqk1-cubw
7
vulnerability VCID-jfps-wzcx-vyfj
8
vulnerability VCID-pvmv-dy5p-pkbn
9
vulnerability VCID-t96s-982j-d3fr
10
vulnerability VCID-u76r-dx9g-5fcv
11
vulnerability VCID-vkg3-xm11-3qdh
12
vulnerability VCID-wh6m-3mp3-gbfb
13
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.0
aliases CVE-2021-3728, GHSA-xp5q-77mh-6hm2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cpwr-nyyb-afdf
11
url VCID-f1nj-u7yz-zycr
vulnerability_id VCID-f1nj-u7yz-zycr
summary firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3921
reference_id
reference_type
scores
0
value 0.00117
scoring_system epss
scoring_elements 0.30138
published_at 2026-06-06T12:55:00Z
1
value 0.00117
scoring_system epss
scoring_elements 0.30078
published_at 2026-06-08T12:55:00Z
2
value 0.00117
scoring_system epss
scoring_elements 0.30107
published_at 2026-06-07T12:55:00Z
3
value 0.00117
scoring_system epss
scoring_elements 0.30101
published_at 2026-06-04T12:55:00Z
4
value 0.00117
scoring_system epss
scoring_elements 0.30173
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3921
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/47fa9e39561a9ec9e210e4023d090a7b33381684
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/47fa9e39561a9ec9e210e4023d090a7b33381684
3
reference_url https://huntr.dev/bounties/724d3fd5-9f04-45c4-98d6-35a7d15468f5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/724d3fd5-9f04-45c4-98d6-35a7d15468f5
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3921
reference_id CVE-2021-3921
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3921
5
reference_url https://github.com/advisories/GHSA-q2cv-94xm-qvg4
reference_id GHSA-q2cv-94xm-qvg4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q2cv-94xm-qvg4
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.3
purl pkg:composer/grumpydictator/firefly-iii@5.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xs8-eknt-gyap
1
vulnerability VCID-5as2-q475-7fgv
2
vulnerability VCID-6ydw-rfb3-hbe3
3
vulnerability VCID-jfps-wzcx-vyfj
4
vulnerability VCID-pvmv-dy5p-pkbn
5
vulnerability VCID-t96s-982j-d3fr
6
vulnerability VCID-vkg3-xm11-3qdh
7
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.3
aliases CVE-2021-3921, GHSA-q2cv-94xm-qvg4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f1nj-u7yz-zycr
12
url VCID-hbpp-jqk1-cubw
vulnerability_id VCID-hbpp-jqk1-cubw
summary firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3900
reference_id
reference_type
scores
0
value 0.00238
scoring_system epss
scoring_elements 0.47056
published_at 2026-06-05T12:55:00Z
1
value 0.00238
scoring_system epss
scoring_elements 0.47012
published_at 2026-06-08T12:55:00Z
2
value 0.00238
scoring_system epss
scoring_elements 0.47042
published_at 2026-06-07T12:55:00Z
3
value 0.00238
scoring_system epss
scoring_elements 0.46991
published_at 2026-06-04T12:55:00Z
4
value 0.00238
scoring_system epss
scoring_elements 0.47059
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3900
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/c2c8c42ef3194d1aeba8c48240fe2e9063f77635
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/c2c8c42ef3194d1aeba8c48240fe2e9063f77635
3
reference_url https://huntr.dev/bounties/909e55b6-ef02-4143-92e4-bc3e8397db76
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/909e55b6-ef02-4143-92e4-bc3e8397db76
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3900
reference_id CVE-2021-3900
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3900
5
reference_url https://github.com/advisories/GHSA-pfj7-w373-gqch
reference_id GHSA-pfj7-w373-gqch
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pfj7-w373-gqch
fixed_packages
aliases CVE-2021-3900, GHSA-pfj7-w373-gqch
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hbpp-jqk1-cubw
13
url VCID-jfps-wzcx-vyfj
vulnerability_id VCID-jfps-wzcx-vyfj
summary 
Firefly III has a MFA bypass in oauth flow
A MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to your Firefly III data using passwords stolen from other sources. As OAuth applications are easily enumerable using an incrementing id, an attacker could try sign an OAuth application up to a users profile quite easily if they have created one. The attacker would also need to know the victims username and password.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37893
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.08376
published_at 2026-06-08T12:55:00Z
1
value 0.00028
scoring_system epss
scoring_elements 0.08433
published_at 2026-06-07T12:55:00Z
2
value 0.00028
scoring_system epss
scoring_elements 0.08453
published_at 2026-06-06T12:55:00Z
3
value 0.00028
scoring_system epss
scoring_elements 0.08441
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37893
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://owasp.org/www-community/attacks/Password_Spraying_Attack
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T19:20:53Z/
url https://owasp.org/www-community/attacks/Password_Spraying_Attack
3
reference_url https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T19:20:53Z/
url https://www.menlosecurity.com/what-is/highly-evasive-adaptive-threats-heat/mfa-bypass
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37893
reference_id CVE-2024-37893
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37893
5
reference_url https://github.com/advisories/GHSA-4gm4-c4mh-4p7w
reference_id GHSA-4gm4-c4mh-4p7w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4gm4-c4mh-4p7w
6
reference_url https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w
reference_id GHSA-4gm4-c4mh-4p7w
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-15T19:20:53Z/
url https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-4gm4-c4mh-4p7w
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@6.1.17
purl pkg:composer/grumpydictator/firefly-iii@6.1.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.1.17
aliases CVE-2024-37893, GHSA-4gm4-c4mh-4p7w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jfps-wzcx-vyfj
14
url VCID-pvmv-dy5p-pkbn
vulnerability_id VCID-pvmv-dy5p-pkbn
summary firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4005
reference_id
reference_type
scores
0
value 0.00161
scoring_system epss
scoring_elements 0.36801
published_at 2026-06-07T12:55:00Z
1
value 0.00161
scoring_system epss
scoring_elements 0.36835
published_at 2026-06-06T12:55:00Z
2
value 0.00161
scoring_system epss
scoring_elements 0.36829
published_at 2026-06-05T12:55:00Z
3
value 0.00161
scoring_system epss
scoring_elements 0.36763
published_at 2026-06-08T12:55:00Z
4
value 0.00161
scoring_system epss
scoring_elements 0.36737
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4005
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/03a1601bf343181df9f405dd2109aec483cb7053
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/03a1601bf343181df9f405dd2109aec483cb7053
3
reference_url https://huntr.dev/bounties/bf4ef581-325a-492d-a710-14fcb53f00ff
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/bf4ef581-325a-492d-a710-14fcb53f00ff
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4005
reference_id CVE-2021-4005
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4005
5
reference_url https://github.com/advisories/GHSA-hjhp-hwfj-hwf3
reference_id GHSA-hjhp-hwfj-hwf3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hjhp-hwfj-hwf3
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.5
purl pkg:composer/grumpydictator/firefly-iii@5.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xs8-eknt-gyap
1
vulnerability VCID-5as2-q475-7fgv
2
vulnerability VCID-6ydw-rfb3-hbe3
3
vulnerability VCID-jfps-wzcx-vyfj
4
vulnerability VCID-t96s-982j-d3fr
5
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.5
aliases CVE-2021-4005, GHSA-hjhp-hwfj-hwf3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pvmv-dy5p-pkbn
15
url VCID-q2aw-rbww-nqc7
vulnerability_id VCID-q2aw-rbww-nqc7
summary 
Cross-site Scripting
An XSS vulnerability in the auto-complete function of the description field (for new or edited transactions) in Firefly III allows the user to execute JavaScript via suggested transaction titles. NOTE: this is exploitable only in a non-default configuration where Content Security Policy headers are disabled.
references
0
reference_url https://github.com/firefly-iii/firefly-iii/issues/3990
reference_id
reference_type
scores
url https://github.com/firefly-iii/firefly-iii/issues/3990
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27981
reference_id CVE-2020-27981
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-27981
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.4.5
purl pkg:composer/grumpydictator/firefly-iii@5.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bnk-b65m-tqg6
1
vulnerability VCID-2xs8-eknt-gyap
2
vulnerability VCID-4hdz-bgf3-hqbz
3
vulnerability VCID-5as2-q475-7fgv
4
vulnerability VCID-6ydw-rfb3-hbe3
5
vulnerability VCID-951v-qu7n-4ybp
6
vulnerability VCID-ag6y-f8nh-5kej
7
vulnerability VCID-cbss-79ng-p7an
8
vulnerability VCID-cpwr-nyyb-afdf
9
vulnerability VCID-f1nj-u7yz-zycr
10
vulnerability VCID-hbpp-jqk1-cubw
11
vulnerability VCID-jfps-wzcx-vyfj
12
vulnerability VCID-pvmv-dy5p-pkbn
13
vulnerability VCID-t96s-982j-d3fr
14
vulnerability VCID-u76r-dx9g-5fcv
15
vulnerability VCID-vkg3-xm11-3qdh
16
vulnerability VCID-wh6m-3mp3-gbfb
17
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.4.5
aliases CVE-2020-27981
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q2aw-rbww-nqc7
16
url VCID-t96s-982j-d3fr
vulnerability_id VCID-t96s-982j-d3fr
summary 
Incorrect Authorization
Improper Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0298
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37322
published_at 2026-06-05T12:55:00Z
1
value 0.00165
scoring_system epss
scoring_elements 0.37257
published_at 2026-06-08T12:55:00Z
2
value 0.00165
scoring_system epss
scoring_elements 0.37295
published_at 2026-06-07T12:55:00Z
3
value 0.00165
scoring_system epss
scoring_elements 0.3723
published_at 2026-06-04T12:55:00Z
4
value 0.00165
scoring_system epss
scoring_elements 0.37327
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0298
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/db0500dcf0d4f1990fc7a377ef0d56c3884fcaa4
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T18:41:12Z/
url https://github.com/firefly-iii/firefly-iii/commit/db0500dcf0d4f1990fc7a377ef0d56c3884fcaa4
3
reference_url https://huntr.dev/bounties/9689052c-c1d7-4aae-aa08-346c9b6e04ed
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T18:41:12Z/
url https://huntr.dev/bounties/9689052c-c1d7-4aae-aa08-346c9b6e04ed
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0298
reference_id CVE-2023-0298
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0298
5
reference_url https://github.com/advisories/GHSA-7mc4-jp4f-v2j2
reference_id GHSA-7mc4-jp4f-v2j2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7mc4-jp4f-v2j2
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.8.0
purl pkg:composer/grumpydictator/firefly-iii@5.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xs8-eknt-gyap
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.8.0
aliases CVE-2023-0298, GHSA-7mc4-jp4f-v2j2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t96s-982j-d3fr
17
url VCID-u76r-dx9g-5fcv
vulnerability_id VCID-u76r-dx9g-5fcv
summary firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3846
reference_id
reference_type
scores
0
value 0.00237
scoring_system epss
scoring_elements 0.46997
published_at 2026-06-08T12:55:00Z
1
value 0.00237
scoring_system epss
scoring_elements 0.46975
published_at 2026-06-04T12:55:00Z
2
value 0.00237
scoring_system epss
scoring_elements 0.47041
published_at 2026-06-05T12:55:00Z
3
value 0.00237
scoring_system epss
scoring_elements 0.47044
published_at 2026-06-06T12:55:00Z
4
value 0.00237
scoring_system epss
scoring_elements 0.47026
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3846
1
reference_url https://github.com/firefly-iii/firefly-iii/commit/a85b6420c19ace35134f896e094e1971d8c7954b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/a85b6420c19ace35134f896e094e1971d8c7954b
2
reference_url https://huntr.dev/bounties/5267ec1c-d204-40d2-bd4f-6c2dd495ee18
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/5267ec1c-d204-40d2-bd4f-6c2dd495ee18
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3846
reference_id CVE-2021-3846
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3846
4
reference_url https://github.com/advisories/GHSA-5gq7-826w-8282
reference_id GHSA-5gq7-826w-8282
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5gq7-826w-8282
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.2
purl pkg:composer/grumpydictator/firefly-iii@5.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xs8-eknt-gyap
1
vulnerability VCID-4hdz-bgf3-hqbz
2
vulnerability VCID-5as2-q475-7fgv
3
vulnerability VCID-6ydw-rfb3-hbe3
4
vulnerability VCID-f1nj-u7yz-zycr
5
vulnerability VCID-hbpp-jqk1-cubw
6
vulnerability VCID-jfps-wzcx-vyfj
7
vulnerability VCID-pvmv-dy5p-pkbn
8
vulnerability VCID-t96s-982j-d3fr
9
vulnerability VCID-vkg3-xm11-3qdh
10
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.2
aliases CVE-2021-3846, GHSA-5gq7-826w-8282
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u76r-dx9g-5fcv
18
url VCID-v5yd-vwys-f7hv
vulnerability_id VCID-v5yd-vwys-f7hv
summary 
Improper Input Validation
Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fints_url to import/job/configuration, and import/create/fints.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14671
reference_id
reference_type
scores
0
value 0.00053
scoring_system epss
scoring_elements 0.16706
published_at 2026-06-08T12:55:00Z
1
value 0.00053
scoring_system epss
scoring_elements 0.16749
published_at 2026-06-04T12:55:00Z
2
value 0.00053
scoring_system epss
scoring_elements 0.16829
published_at 2026-06-05T12:55:00Z
3
value 0.00053
scoring_system epss
scoring_elements 0.16824
published_at 2026-06-06T12:55:00Z
4
value 0.00053
scoring_system epss
scoring_elements 0.16788
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14671
1
reference_url https://github.com/firefly-iii/firefly-iii/commit/e80d616ef4397e6e764f6b7b7a5b30121244933c
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/e80d616ef4397e6e764f6b7b7a5b30121244933c
2
reference_url https://github.com/firefly-iii/firefly-iii/issues/2367
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/issues/2367
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14671
reference_id CVE-2019-14671
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14671
4
reference_url https://github.com/advisories/GHSA-jjcx-999m-35hc
reference_id GHSA-jjcx-999m-35hc
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjcx-999m-35hc
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@4.7.17.4
purl pkg:composer/grumpydictator/firefly-iii@4.7.17.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bnk-b65m-tqg6
1
vulnerability VCID-2xs8-eknt-gyap
2
vulnerability VCID-4hdz-bgf3-hqbz
3
vulnerability VCID-5as2-q475-7fgv
4
vulnerability VCID-6ydw-rfb3-hbe3
5
vulnerability VCID-951v-qu7n-4ybp
6
vulnerability VCID-ag6y-f8nh-5kej
7
vulnerability VCID-cbss-79ng-p7an
8
vulnerability VCID-cpwr-nyyb-afdf
9
vulnerability VCID-f1nj-u7yz-zycr
10
vulnerability VCID-hbpp-jqk1-cubw
11
vulnerability VCID-jfps-wzcx-vyfj
12
vulnerability VCID-pvmv-dy5p-pkbn
13
vulnerability VCID-q2aw-rbww-nqc7
14
vulnerability VCID-t96s-982j-d3fr
15
vulnerability VCID-u76r-dx9g-5fcv
16
vulnerability VCID-vkg3-xm11-3qdh
17
vulnerability VCID-wh6m-3mp3-gbfb
18
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17.4
1
url pkg:composer/grumpydictator/firefly-iii@4.7.17%2B4
purl pkg:composer/grumpydictator/firefly-iii@4.7.17%2B4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17%252B4
aliases CVE-2019-14671, GHSA-jjcx-999m-35hc
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v5yd-vwys-f7hv
19
url VCID-v776-99j4-mua2
vulnerability_id VCID-v776-99j4-mua2
summary 
Cross-site Scripting
Firefly III is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the `tags/show/$tag_number$` tag summary page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13644
reference_id
reference_type
scores
0
value 0.00225
scoring_system epss
scoring_elements 0.45304
published_at 2026-06-07T12:55:00Z
1
value 0.00225
scoring_system epss
scoring_elements 0.45277
published_at 2026-06-08T12:55:00Z
2
value 0.00225
scoring_system epss
scoring_elements 0.45319
published_at 2026-06-05T12:55:00Z
3
value 0.00225
scoring_system epss
scoring_elements 0.4525
published_at 2026-06-04T12:55:00Z
4
value 0.00225
scoring_system epss
scoring_elements 0.45323
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13644
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/def307010c388c4e92d7066671ad62e477cc087a
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/def307010c388c4e92d7066671ad62e477cc087a
3
reference_url https://github.com/firefly-iii/firefly-iii/compare/76aa8ac...45b8c36
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T19:39:56Z/
url https://github.com/firefly-iii/firefly-iii/compare/76aa8ac...45b8c36
4
reference_url https://github.com/firefly-iii/firefly-iii/issues/2335
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T19:39:56Z/
url https://github.com/firefly-iii/firefly-iii/issues/2335
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-13644
reference_id CVE-2019-13644
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-13644
6
reference_url https://github.com/advisories/GHSA-9xmx-rj7j-fv9q
reference_id GHSA-9xmx-rj7j-fv9q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9xmx-rj7j-fv9q
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@4.7.17.1
purl pkg:composer/grumpydictator/firefly-iii@4.7.17.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bnk-b65m-tqg6
1
vulnerability VCID-2xs8-eknt-gyap
2
vulnerability VCID-4hdz-bgf3-hqbz
3
vulnerability VCID-5as2-q475-7fgv
4
vulnerability VCID-6ydw-rfb3-hbe3
5
vulnerability VCID-7j5p-xwqv-k3cf
6
vulnerability VCID-951v-qu7n-4ybp
7
vulnerability VCID-ag6y-f8nh-5kej
8
vulnerability VCID-b23p-cn7c-k7av
9
vulnerability VCID-cbss-79ng-p7an
10
vulnerability VCID-cpwr-nyyb-afdf
11
vulnerability VCID-f1nj-u7yz-zycr
12
vulnerability VCID-hbpp-jqk1-cubw
13
vulnerability VCID-jfps-wzcx-vyfj
14
vulnerability VCID-pvmv-dy5p-pkbn
15
vulnerability VCID-q2aw-rbww-nqc7
16
vulnerability VCID-t96s-982j-d3fr
17
vulnerability VCID-u76r-dx9g-5fcv
18
vulnerability VCID-v5yd-vwys-f7hv
19
vulnerability VCID-vkg3-xm11-3qdh
20
vulnerability VCID-wh6m-3mp3-gbfb
21
vulnerability VCID-xvtj-8abr-tuem
22
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17.1
1
url pkg:composer/grumpydictator/firefly-iii@4.7.17%2B1
purl pkg:composer/grumpydictator/firefly-iii@4.7.17%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17%252B1
aliases CVE-2019-13644, GHSA-9xmx-rj7j-fv9q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v776-99j4-mua2
20
url VCID-vkg3-xm11-3qdh
vulnerability_id VCID-vkg3-xm11-3qdh
summary firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4015
reference_id
reference_type
scores
0
value 0.00161
scoring_system epss
scoring_elements 0.36835
published_at 2026-06-06T12:55:00Z
1
value 0.00161
scoring_system epss
scoring_elements 0.36763
published_at 2026-06-08T12:55:00Z
2
value 0.00161
scoring_system epss
scoring_elements 0.36801
published_at 2026-06-07T12:55:00Z
3
value 0.00161
scoring_system epss
scoring_elements 0.36737
published_at 2026-06-04T12:55:00Z
4
value 0.00161
scoring_system epss
scoring_elements 0.36829
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4015
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/518b4ba5a7a56760902758ae0a2c6a392c2f4d37
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/518b4ba5a7a56760902758ae0a2c6a392c2f4d37
3
reference_url https://github.com/firefly-iii/firefly-iii/releases/tag/5.6.5
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/releases/tag/5.6.5
4
reference_url https://huntr.dev/bounties/b698d445-602d-4701-961c-dffe6d3009b1
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/b698d445-602d-4701-961c-dffe6d3009b1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4015
reference_id CVE-2021-4015
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4015
6
reference_url https://github.com/advisories/GHSA-g6vq-wc8w-4g69
reference_id GHSA-g6vq-wc8w-4g69
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g6vq-wc8w-4g69
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.4
purl pkg:composer/grumpydictator/firefly-iii@5.6.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xs8-eknt-gyap
1
vulnerability VCID-5as2-q475-7fgv
2
vulnerability VCID-6ydw-rfb3-hbe3
3
vulnerability VCID-jfps-wzcx-vyfj
4
vulnerability VCID-pvmv-dy5p-pkbn
5
vulnerability VCID-t96s-982j-d3fr
6
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.4
1
url pkg:composer/grumpydictator/firefly-iii@5.6.5
purl pkg:composer/grumpydictator/firefly-iii@5.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xs8-eknt-gyap
1
vulnerability VCID-5as2-q475-7fgv
2
vulnerability VCID-6ydw-rfb3-hbe3
3
vulnerability VCID-jfps-wzcx-vyfj
4
vulnerability VCID-t96s-982j-d3fr
5
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.5
aliases CVE-2021-4015, GHSA-g6vq-wc8w-4g69
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vkg3-xm11-3qdh
21
url VCID-wh6m-3mp3-gbfb
vulnerability_id VCID-wh6m-3mp3-gbfb
summary 
URL Redirection to Untrusted Site ('Open Redirect')
firefly-iii is vulnerable to URL Redirection to Untrusted Site
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3851
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37906
published_at 2026-06-05T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.37843
published_at 2026-06-08T12:55:00Z
2
value 0.00169
scoring_system epss
scoring_elements 0.37878
published_at 2026-06-07T12:55:00Z
3
value 0.00169
scoring_system epss
scoring_elements 0.37815
published_at 2026-06-04T12:55:00Z
4
value 0.00169
scoring_system epss
scoring_elements 0.37909
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3851
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/8662dfa4c0f71efef61c31dc015c6f723db8318d
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/8662dfa4c0f71efef61c31dc015c6f723db8318d
3
reference_url https://huntr.dev/bounties/549a1040-9b5e-420b-9b80-20700dd9d592
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/549a1040-9b5e-420b-9b80-20700dd9d592
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3851
reference_id CVE-2021-3851
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3851
5
reference_url https://github.com/advisories/GHSA-5fvx-5p2r-4mvp
reference_id GHSA-5fvx-5p2r-4mvp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5fvx-5p2r-4mvp
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@5.6.2
purl pkg:composer/grumpydictator/firefly-iii@5.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xs8-eknt-gyap
1
vulnerability VCID-4hdz-bgf3-hqbz
2
vulnerability VCID-5as2-q475-7fgv
3
vulnerability VCID-6ydw-rfb3-hbe3
4
vulnerability VCID-f1nj-u7yz-zycr
5
vulnerability VCID-hbpp-jqk1-cubw
6
vulnerability VCID-jfps-wzcx-vyfj
7
vulnerability VCID-pvmv-dy5p-pkbn
8
vulnerability VCID-t96s-982j-d3fr
9
vulnerability VCID-vkg3-xm11-3qdh
10
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@5.6.2
aliases CVE-2021-3851, GHSA-5fvx-5p2r-4mvp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wh6m-3mp3-gbfb
22
url VCID-xvtj-8abr-tuem
vulnerability_id VCID-xvtj-8abr-tuem
summary 
Cross-site Scripting
Firefly III is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13646
reference_id
reference_type
scores
0
value 0.00281
scoring_system epss
scoring_elements 0.51797
published_at 2026-06-07T12:55:00Z
1
value 0.00281
scoring_system epss
scoring_elements 0.51766
published_at 2026-06-08T12:55:00Z
2
value 0.00281
scoring_system epss
scoring_elements 0.51809
published_at 2026-06-05T12:55:00Z
3
value 0.00281
scoring_system epss
scoring_elements 0.5175
published_at 2026-06-04T12:55:00Z
4
value 0.00281
scoring_system epss
scoring_elements 0.51819
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13646
1
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
2
reference_url https://github.com/firefly-iii/firefly-iii/commit/f795cb07e1bb9ad3bd0dceeafbb0ece4ebe518d7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/commit/f795cb07e1bb9ad3bd0dceeafbb0ece4ebe518d7
3
reference_url https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/compare/a70b7cc...7d482aa
4
reference_url https://github.com/firefly-iii/firefly-iii/issues/2339
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/issues/2339
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-13646
reference_id CVE-2019-13646
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-13646
6
reference_url https://github.com/advisories/GHSA-mrc2-h7q2-pp97
reference_id GHSA-mrc2-h7q2-pp97
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mrc2-h7q2-pp97
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3
purl pkg:composer/grumpydictator/firefly-iii@4.7.17%2B3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v5yd-vwys-f7hv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17%252B3
1
url pkg:composer/grumpydictator/firefly-iii@4.7.17.3
purl pkg:composer/grumpydictator/firefly-iii@4.7.17.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bnk-b65m-tqg6
1
vulnerability VCID-2xs8-eknt-gyap
2
vulnerability VCID-4hdz-bgf3-hqbz
3
vulnerability VCID-5as2-q475-7fgv
4
vulnerability VCID-6ydw-rfb3-hbe3
5
vulnerability VCID-951v-qu7n-4ybp
6
vulnerability VCID-ag6y-f8nh-5kej
7
vulnerability VCID-cbss-79ng-p7an
8
vulnerability VCID-cpwr-nyyb-afdf
9
vulnerability VCID-f1nj-u7yz-zycr
10
vulnerability VCID-hbpp-jqk1-cubw
11
vulnerability VCID-jfps-wzcx-vyfj
12
vulnerability VCID-pvmv-dy5p-pkbn
13
vulnerability VCID-q2aw-rbww-nqc7
14
vulnerability VCID-t96s-982j-d3fr
15
vulnerability VCID-u76r-dx9g-5fcv
16
vulnerability VCID-v5yd-vwys-f7hv
17
vulnerability VCID-vkg3-xm11-3qdh
18
vulnerability VCID-wh6m-3mp3-gbfb
19
vulnerability VCID-zyzb-95vu-bfbp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.17.3
aliases CVE-2019-13646, GHSA-mrc2-h7q2-pp97
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xvtj-8abr-tuem
23
url VCID-zyzb-95vu-bfbp
vulnerability_id VCID-zyzb-95vu-bfbp
summary 
C5 Firefly III CSV Injection.
### Summary
CSV injection is a vulnerability where untrusted user input in CSV files can lead to unauthorized access or data manipulation. 
In my subsequent testing of the application.

### Details
I discovered that there is an option to "Export Data" from the web app to your personal computer, which exports a "csv" file that can be opened with Excel software that supports macros.

P.S 
I discovered that the web application's is offering a demo-site that anyone may access to play with the web application. So, there's a chance that someone will export the data (CVS) from the demo site and execute it on their PC, giving the malicious actor a complete control over their machine. (if a user enters a malicious payload to the website).

### PoC
You can check out my vulnerability report if you need more details/PoC with screenshots: (removed by JC5)

### Impact
An attacker can exploit this by entering a specially crafted payload to one of the fields, and when a user export the csv file using the "Export Data" function, the attacker can potentiality can RCE.

### Addendum by JC5, the developer of Firefly III
There is zero impact on normal users, even on vulnerable versions.
references
0
reference_url https://github.com/firefly-iii/firefly-iii
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii
1
reference_url https://github.com/advisories/GHSA-29w6-c52g-m8jc
reference_id GHSA-29w6-c52g-m8jc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-29w6-c52g-m8jc
2
reference_url https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-29w6-c52g-m8jc
reference_id GHSA-29w6-c52g-m8jc
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/firefly-iii/firefly-iii/security/advisories/GHSA-29w6-c52g-m8jc
fixed_packages
0
url pkg:composer/grumpydictator/firefly-iii@6.1.7
purl pkg:composer/grumpydictator/firefly-iii@6.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jfps-wzcx-vyfj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@6.1.7
aliases GHSA-29w6-c52g-m8jc, GMS-2024-52
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zyzb-95vu-bfbp
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/grumpydictator/firefly-iii@4.7.5.2